Compute Services

Security From Chip to Cloud: Data-in-Use Protection Only on IBM Cloud

Share this post:

IBM Cloud offers an industry-first data-in-use protection solution for cloud-native applications

Cloud-native applications have been growing rapidly, escalating the development of innovative solutions that enable enterprise digital transformations. A recent Cloud Native Computing Foundation (CNCF) study indicates that the production usage of cloud-native applications has grown by an average of more than 200 percent in the last year. Among those applications, 73 percent use containers as a core technology in their journey to cloud.

Despite brisk growth, data security concerns continue to constrain cloud-native expansion. According to Ponemon Institute’s 2018 Cloud Data Security Study, the majority of respondents—71 percent—consider conventional security inadequate to protect sensitive data in cloud environments. And nearly half of all organizations surveyed say their organizations demand security measures such as encryption to safeguard cloud computing resources.

Founded on the principle that the cloud offers a unique opportunity to do security right, IBM Cloud now offers an industry-first data-in-use protection solution for cloud-native applications. These new capabilities are poised to allow a new set of data-centric applications to move to the cloud, enabling enterprises to adopt cloud with confidence.

Data-in-use protection for infrastructure

IBM introduced a security technology offering on IBM Cloud infrastructure that provides secure enclaves designed to protect data used in application runtimes. Using Intel Secure Guard Extensions (SGX) technology on cloud servers, application developers can enhance their application code to protect sensitive data within protected areas of execution, called enclaves. This offering paves the way for a proactive approach to cloud security and allows developers to build apps safely with highly agile tools that can bring them to market faster.

Data-in-use protection for containers integrated into IBM Cloud Kubernetes Service

To help developers building containerized applications, IBM recently announced the availability of secure enclave technologies to be used with the IBM Cloud Kubernetes Service. IBM is the first cloud provider to integrate this data-in-use protection technology into Kubernetes services, allowing developers to orchestrate their container apps that already exploit secure enclaves designed to be deployed in SGX servers on IBM Cloud.

Data-in-use protection for apps using IBM Cloud Data Shield

Security skills are hard to come by. It has long been a dream for some developers to be able to protect their applications with hardware-rooted security enclaves without the necessity to learn the nuances of hardware SDKs. Developers want security without having to make any code changes.

This is no longer a dream.

IBM introduces IBM Cloud Data Shield as an experimental capability. Using this offering, developers can build a Python or C/C++ app or one of many pre-canned cloud native technologies—like NGINX or MySQL—and containerize and shield with IBM Data Shield. Such a shielded app can be deployed on IBM Cloud Kubernetes Service, allowing protection of sensitive data in use without code changes!

Protect data-in-use as part of your holistic cloud data protection strategy. Try out these capabilities on IBM Cloud. We look forward to your feedback and to learning how you take your apps to the next level of security.


To request a demo, receive a Slack invite for Data Shield workspace, or ask any questions, please email

Distinguished Engineer, CTO & Director, Cloud Security

More Compute Services stories
May 6, 2019

Use IBM Cloud Certificate Manager to Obtain Let’s Encrypt TLS Certificates for Your Public Domains

IBM Cloud Certificate Manager now lets you obtain TLS certificates signed by Let’s Encrypt. Let’s Encrypt is an automated, ACME-protocol-based CA that issues free certificates valid for 90 days.

Continue reading

April 30, 2019

Introducing IBM Analytics Engine v1.2 and Announcing the Deprecation of IBM Analytics Engine v1.0

We are excited to inform you about the new version of IBM Analytics Engine v1.2 that will be available starting May 15, 2019. Along with this release, Analytics Engine v1.0 will be retired.

Continue reading

April 23, 2019

Announcing the Deprecation of the Watson Machine Learning JSON Token Authentication Service

We’d like to inform you about the deprecation of the Watson Machine Learning JSON Token Authentication service. This method of authentication will be retired on May 30, 2019.

Continue reading